Microsoft Security Blog

The official Microsoft blog for discussing industry and Microsoft security topics.

Browse by Tags

  • Blog Post: SQL Server 2005 - 1 Year And Not Yet Counting...

    Vulnerabilities, that is. It has been about a year now since SQL Server 2005, so I thought this would be a good time to review how it has done security-wise. The latest SQL Server product from Microsoft has had zero vulnerabilities disclosed or fixed in its first year of availability. First, I want...
  • Blog Post: Trustworthy Computing : Learning About Threats Over 10 Years–Part 5

    This post continues my analysis of industry vulnerability disclosures started in part 4 last week and is part of an ongoing series of posts based upon Tim Rains and my recent special edition Microsoft Security Intelligence Report (SIR) called “The evolution of malware and the threat landscape – a ten...
  • Blog Post: Oracle Announces Unbreakable Linux (aka Red Hat)

    And by "unbreakable", of course, they mean that if you drop the shrinkwrap box on the floor, the CDs won't break because it's really well padded. At least, that's what I think it means, because I don't see how anybody could think it means unbreakable security. I think I kind of feel sorry for Mary...
  • Blog Post: Microsoft SQL vs Oracle : David Litchfield Comparison Paper

    From what most will consider a more authoritative source than me, David Litchfield, a new paper addresses the question "Which database is more secure? Oracle vs. Microsoft". I recently analyzed the first year of SQL Server 2005 in "SQL Server 2005 - 1 Year And Not Yet Counting..." and the Enterprise Security...
  • Blog Post: SQL Server - Fact Checking Recent Vulnerability History

    UPDATE: The story that originally got my attention has been updated in all of the places I could still find it yesterday, so I'm pulling my references to the story and just focusing on the positive story of SQL Security improvement. Jeff Last week a web-based news story comes to my attention which asserted...
  • Blog Post: Millions of Java Exploit Attempts: The Importance of Keeping All Software Up To Date

    Recently I was prompted to update Java components that are installed on one of the personal computers I have at home. As the installation wizard walked me through the steps to install the update, I was reminded how ubiquitous Java is. Figure: The Java update installer that ran on my personal computer...
  • Blog Post: Enterprise Strategy Group on SQL 2005: "Microsoft Years Ahead..."

    UPDATE: Download the full report PDF. With a year's track-record, SQL Server 2005's positive security performance is being noticed beyond just my own observations (SQL Server 2005 - 1 Year And Not Yet Counting...). Enterprise Strategy Group (ESG), a technology industry analyst group released a study...